package org.farm2.tools.db.commons;

import org.apache.commons.lang3.StringUtils;
import org.farm2.tools.i18n.I18n;

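public class FarmSqls {

    /**
     * Denylist of substrings treated as SQL-injection indicators.
     *
     * <p>Matching is a plain, case-sensitive substring test, so a mixed-case
     * keyword such as {@code " Select "} is not caught, while several entries
     * ({@code "*"}, {@code "%"}, {@code "+"}, {@code ","}) reject ordinary
     * punctuation. A denylist of this kind only narrows what reaches the SQL
     * layer; it is not a substitute for parameterized queries. The list is
     * built once instead of being re-split on every call.
     */
    private static final String[] INJECTION_PATTERNS =
            "'| and | exec | insert | select | delete | update | count |*|%| chr | mid | master | truncate | char | declare |;| or |+|,|--"
                    .split("\\|");

    /**
     * Rejects {@code input} if it contains any denylisted SQL fragment.
     *
     * <p>No escaping of {@code '} is performed here: the denylist itself
     * contains {@code '}, so an input with an apostrophe is rejected regardless,
     * and because the method returns {@code void} an escaped copy would never be
     * visible to the caller anyway.
     *
     * @param input the value to check; {@code null} is accepted without error
     * @throws RuntimeException if {@code input} matches any denylist entry
     */
    public static void wipeVirus(String input) {
        if (input == null) {
            return;
        }
        if (containsInjectionPattern(input)) {
            // "?" is presumably the placeholder I18n.msg fills with input — confirm against I18n
            throw new RuntimeException(I18n.msg("?违反SQL注入风险约束！", input));
        }
    }

    /**
     * Whether {@code str} contains any entry of {@link #INJECTION_PATTERNS}.
     *
     * @param str non-null string to scan
     * @return {@code true} on the first case-sensitive substring match, else {@code false}
     */
    private static boolean containsInjectionPattern(String str) {
        for (String pattern : INJECTION_PATTERNS) {
            if (str.contains(pattern)) {
                return true;
            }
        }
        return false;
    }
}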
